VYPR
Vendor

Libav

Products
3
CVEs
113
Across products
121
Status
Private

Products

3

Recent CVEs

113
View all 113 CVEs →
  • CVE-2017-9051CriMay 18, 2017
    risk 0.64cvss 9.8epss 0.02

    libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.

  • CVE-2016-3062HigJun 16, 2016
    risk 0.58cvss 8.8epss 0.04

    The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

  • CVE-2018-5766HigJan 18, 2018
    risk 0.57cvss 8.8epss 0.02

    In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.

  • CVE-2018-5684HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.

  • CVE-2017-17130HigDec 4, 2017
    risk 0.57cvss 8.8epss 0.02

    The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.

  • CVE-2017-17129HigDec 4, 2017
    risk 0.57cvss 8.8epss 0.01

    The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2018-11102HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

  • CVE-2017-16803HigNov 13, 2017
    risk 0.49cvss 7.5epss 0.03

    In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a…

  • CVE-2017-11684HigJul 27, 2017
    risk 0.49cvss 7.5epss 0.02

    There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.

  • CVE-2017-9987HigJun 28, 2017
    risk 0.49cvss 7.5epss 0.02

    There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.

  • CVE-2017-7208HigMar 21, 2017
    risk 0.46cvss 7.1epss 0.01

    The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

  • CVE-2017-7206HigMar 21, 2017
    risk 0.46cvss 7.1epss 0.01

    The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

  • CVE-2018-11224MedMay 17, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

  • CVE-2017-18247MedMar 23, 2018
    risk 0.42cvss 6.5epss 0.01

    The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file.

  • CVE-2017-18246MedMar 23, 2018
    risk 0.42cvss 6.5epss 0.01

    The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted media file.

  • CVE-2017-18245MedMar 23, 2018
    risk 0.42cvss 6.5epss 0.01

    The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file.

  • CVE-2017-18244MedMar 22, 2018
    risk 0.42cvss 6.5epss 0.01

    The stereo_processing function in libavcodec/aacps.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file, related to ff_ps_apply.

  • CVE-2017-18243MedMar 22, 2018
    risk 0.42cvss 6.5epss 0.01

    The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault) via a crafted file.

  • CVE-2017-18242MedMar 22, 2018
    risk 0.42cvss 6.5epss 0.01

    The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file.

  • CVE-2017-1000460MedJan 3, 2018
    risk 0.42cvss 6.5epss 0.00

    In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.